Rules

Secret ingredients to quality software


Do you disable insecure protocols?

Created on 02 Nov 2017 | Last updated by Tiago Araujo on 20 Nov 2017 05:22 PM (over 3 years ago)

For better server security (especially on public-facing servers), certain security protocols and ciphers should be disabled.

Using a tool called "IIS Crypto 2.0" by Nartac, these protocols can be disabled easily, without having to edit the registry keys manually.

  1. Download IIS Crypto 2.0 (https://www.nartac.com/Products/IISCrypto/Download)
  2. Run this on the server you wish to lock down
  3. Select the best practices button

Figure: Good example – TLS should be enabled and SSL should be disabled

  4. Ensure that TLS 1.0 is also disabled and hit Apply
  5. The server will need to be rebooted before the settings take effect
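
One way to confirm the result after the reboot is to read the Schannel protocol values in the registry, which is where these settings are stored. This is an added example, not part of the original rule or of IIS Crypto; it only reads the registry, and counting a missing value as a failure is a choice made here, because the Windows built-in default then applies.

```powershell
# Added example: read-only audit of server-side Schannel protocol settings.
# Run in an elevated PowerShell session on the server after the reboot.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Protocols this rule says must be off: SSL, and TLS 1.0.
$mustBeDisabled = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'
# Newer TLS versions, reported for context only.
$informational  = 'TLS 1.1', 'TLS 1.2'

function Get-SchannelServerState {
    param([Parameter(Mandatory)][string]$Protocol)

    $path  = Join-Path $base "$Protocol\Server"
    $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue

    if ($null -eq $props -or $null -eq $props.Enabled) {
        # No explicit value: Windows uses its built-in default,
        # which differs between Windows versions.
        return 'NotConfigured'
    }
    if ($props.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'   # any non-zero DWORD means enabled
}

$report = foreach ($p in $mustBeDisabled + $informational) {
    $state    = Get-SchannelServerState -Protocol $p
    $required = $p -in $mustBeDisabled
    [pscustomobject]@{
        Protocol = $p
        State    = $state
        Expected = if ($required) { 'Disabled' } else { '(not checked)' }
        # Only an explicit Enabled = 0 passes; NotConfigured is a failure.
        Pass     = if ($required) { $state -eq 'Disabled' } else { $null }
    }
}

$report | Format-Table -AutoSize

$failed = @($report | Where-Object { $_.Pass -eq $false })
foreach ($f in $failed) {
    Write-Warning "$($f.Protocol) is '$($f.State)' for the Server role; expected 'Disabled'."
}
if ($failed.Count -eq 0) {
    Write-Output 'SSL 2.0, SSL 3.0 and TLS 1.0 are explicitly disabled for the Server role.'
}
```
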
Adam Cogan
Steven Andrews
